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AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

LISTING OF CLAIMS 

1. (currently amended) A network access control device through in series deterministic 
recognition of application frames satisfying a set of predetermined syntactical rules 
comprising: 

[[-]] means (205) for monitoring and interpretation of the application frames to 
recognize; 

[[-]] means (201) for storing predetermined syntactical rules; 

[[-]] means (202) for compiling the predetermined syntactical rules in a direct 
access data structure; 

[[-]] means (203) for storing said direct access data structure; and 

[[-]] means (204) for comparing the application frames to be recognized with said 
direct access data structure, 

whereby the recogrution can be performed on any frame component and the 
direct access data structure allows an access time substantially independent from the 
number of rules, 

characterized in that it wherein the network access control device further comprises 
forwarding means, for forwarding the application frame when recognized and return- 
to-sender means, for returrung of the application frame when not recognized , and 
wherein the means for monitoring and interpretation of the application frames 
comprise: 

a) a data packets monitoring device at a layer corresponding to the OSI layer 2. 
said data packets comprising control frames and information frames, wherein the 
control and information frames contain a header portion and a body portion, said 
header portion allowing the distinction between an information frame and a control 
frame; 
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b) a control urut receiving as an input the data coming from the monitoring 
device and comprising means for the discrimination of the control frames from the 
information frames; 

c) a dating urut connected to the control unit and associating a monitoring time 
to the control frames and to the information frames: 

d) a discriminated data storing unit, storing the control and the information 
frames and the monitoring time thereof, bidirectionally cormected to the control unit; 

e) a predetermined data storing unit, bidirectionally cormected to the control 
unit, said predetermined data representing possible interpretations of the information 
frames contained in the discriminated data storing urut; 

f) means for comparing, by the control unit, said predetermined data stored in 
the storing unit with the data contained in the body portion of the information frames 
stored in the discriminated data storing unit, thus reconstructing the information 
frames according to their specific application syntax; 

g) means for ordering, according to the time and kind of communication, the 
information frames reconstructed according to their specific application syntax, thus 
reconstructing application sequences occurred between a determined source processor 
and a determined destination processor; and 

h) means for ordering said information frames ordered according to the time 
and kind of communication also according to a logical criterion, thus reconstructing the 
logical path of said application sequences occurred between a determined source 
processor and a determined destination processor . 

2. (currently amended) The access control device according to claim 1, wherein 
charactorizod in that said compiling means (202) of the predetermined syntactical rules 
comprise: 

[[-]] conversion means, for converting the predetermined syntactical rules in a set 
of basic sequences of numerical identifiers; and 

[[-]] compression means, for compressing the set of sequences thus obtained in a 
direct access data structure. 
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3. (currently amended) The access control device according to claim 1, wherein 
characterized in that said return-to-sender means, for returning the application frames 
when not recognized, return information related to the reason of the failed forwarding. 

4. (currently amended) The access control device according to claim 1, wherein 
characterized in that the predetermined syntactical rules are stored as pairs of 
<object>/<action> fields. 

5. (currently amended) The access control device according to claim 4, wherein 
characterized in that the predetermined syntactical rules are stored as pairs of <data 
type>/ <data value> fields. 

6. (currently amended) The access control device according to claim 4, wherein 
characterized in that the predetermined syntactical rules include one or more joker 
values. 

7. (currently amended) The network access monitoring device according to claim 4, 
wherein characterized in that the field <action> refers to the minimal set of commands 

-Push 

<value> 

<variable> 

<reading position> 

<value at the reading position> 

-Pop 

<variable> 

<reading position> 

<at the reading position> 

-And 

-Mul 

-Add 

- Equal 
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-Next 

- F_send_all 

- F_dynamic. 

8. (currently amended) The access control device according to claims 2, wherein 
charactorizod in that the direct access data structure is represented through a matricial 
structure comprising object fields and action fields. 

9. (canceled) 

10. (currently amended) The access control device according to claim [[9]] 1, wherein 
charactorizod in that said means for ordering said information frames according to a 
logical criterion comprise means for reciprocally comparing the body portion of the 
information frames. 

11. (currently amended) The access control device according to claim [[9]] 1, wherein 
charactorizod in that said means for ordering said information frames according to a 
logical criterion comprise means for comparing each sequence of body portions of the 
information frames with a set of predetermined sequences, said predetermined 
sequences representing possible interpretations of the information frames sequences 
contained in the discriminated data storing unit (17), said predetermined sequences 
being contained in said predetermined data storing unit (18). 

12. (currently amended) The access control device according to claim 1, wherein 
charactorizod in that it is implemented using a board installed on the processor on 
which the client applications operate. 
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